
Android's pKVM hypervisor earns SESIP Level 5 security certification


Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms.

The pKVM is the hypervisor underpinning the Android Virtualization Framework (AVF), providing an isolated, high-assurance environment for executing critical workloads. These include Google's AI models like Gemini Nano for local personal data processing, biometric authentication (face, fingerprint), DRM content handling, and firmware-level security.

Level 5 in SESIP (Security Evaluation Standard for IoT Platforms) is the highest assurance tier in the system developed by TrustCB, meaning a system has been tested against AVA_VAN.5 from Common Criteria (ISO 15408).

"Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics," Google announced.

"Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification."

"This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar."

Google says pKVM was tested by DEKRA in certified testing laboratories and was confirmed to be resistant to sophisticated and advanced threats.

Google commented that many TEEs (Trusted Execution Environments) found in consumer devices aren't formally certified or have only achieved lower levels of security assurance.

The tech giant says this creates uncertainty and disincentivizes developers from building highly secure applications that incorporate top-notch data protection mechanisms.

What does this mean for users?
